Lianhe Zaobao, Canvas遭网络攻击 网安专家：本地可能10多所机构受波及

(Summarised translation)

The cyberattack on online learning platform Canvas continues to escalate. Based on open-source intelligence and publicly available information, local cybersecurity experts estimate that more than 10 educational institutions in Singapore may have been affected. Among them, NTUC LearningHub, the National University of Singapore, and the Singapore Institute of Management have advised staff and students to reset their account passwords as a precautionary measure.

Canvas, a learning management platform developed by US education technology company Instructure, suffered a cyberattack last Thursday (May 7), causing service disruptions that affected more than 8,000 educational institutions worldwide. The ransomware group ShinyHunters has claimed responsibility and threatened to release the stolen data if a ransom is not paid by May 12.

Dr Victor Keong, a senior lecturer from the Singapore University of Technology and Design’s Information Systems Technology and Design pillar and a cybersecurity expert with more than 30 years of experience, told Lianhe Zaobao in an interview on Sunday (May 10) that the impact of this large-scale cyberattack is significant. Based on information released by the hackers and open-source intelligence (OSINT) data, he tracked the scope of the incident locally and estimated that as many as 18 local universities, private education institutions, and related organisations may have been affected.

Dr Keong compiled the collected information into an online dashboard and configured the website to automatically collect and update data regularly, allowing the public to stay informed of the latest developments. The site also provides relevant information to help information security personnel at higher education institutions prevent and respond to cybersecurity incidents.

At present, institutions confirmed to have been affected include NTUC LearningHub, the National University of Singapore, the Singapore Institute of Management, the Singapore University of Social Sciences, and the Institute of Singapore Chartered Accountants (ISCA).

Dr Keong believes that universities advising staff and students to reset their passwords is a prudent measure. This helps prevent malicious actors from exploiting any leaked information to gain access to passwords and infiltrate school systems.

He also reminded affected users to stay vigilant against phishing emails that criminals may send under the pretext of the Canvas platform cyberattack. Once users open such emails, they may unknowingly download malware, leading to further cybersecurity risks.